fedora-security/audit fc4,1.93,1.94 fc5,1.4,1.5

Mark Cox (mjc) fedora-extras-commits at redhat.com
Wed Nov 23 14:14:11 UTC 2005 

Author: mjc

Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26020

Modified Files:
	fc4 fc5 
Log Message:
More work, 19 left



Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.93
retrieving revision 1.94
diff -u -r1.93 -r1.94
--- fc4	21 Nov 2005 11:07:27 -0000	1.93
+++ fc4	23 Nov 2005 14:14:09 -0000	1.94
@@ -1,11 +1,15 @@
-Up to date CVE as of CVE email 20051120
+Up to date CVE as of CVE email 20051121
 Up to date FC4 as of 200501120
 
 ** are items that need attention
 
-CVE-2005-3582 version (ImageMagick) gentoo only
+CVE-2005-3745 ** struts
+CVE-2005-3732 ** ipsec-tools
 CVE-2005-3675 ** kernel (optack)
-CVE-2005-3671 VULNERABLE (openswan, fixed 2.4.4)
+CVE-2005-3671 version (openswan, fixed 2.4.4) [since FEDORA-2005-1093]
+CVE-2005-3662 version (netpbm)
+CVE-2005-3632 version (netpbm)
+CVE-2005-3582 version (ImageMagick) gentoo only
 CVE-2005-3573 VULNERABLE (mailman)
 CVE-2005-3527 version (kernel, fixed 2.6.14 at least) [since FEDORA-2005-1067]
 CVE-2005-3402 ignore (thunderbird) mozilla say by design
@@ -241,8 +245,7 @@
 CVE-2005-1761 version (kernel, fixed 2.6.12.2) [since FEDORA-2005-510]
 CVE-2005-1760 VULNERABLE (sysreport)
 CVE-2005-1759 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
-CVE-2005-1759 VULNERABLE (openldap)
-CVE-2005-1759 VULNERABLE (php)
+CVE-2005-1759 ignore (php) dead code path
 CVE-2005-1751 VULNERABLE (nmap, fixed shtool 2.0.2) #158996
 CVE-2005-1751 ignore (openldap, fixed shtool 2.0.2) flawed code path not used
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
@@ -413,7 +416,7 @@
 CVE-2005-0468 version (krb5, fixed 1.4.1) [since FEDORA-2005-553] was backport since GA
 CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0449 version (kernel, fixed 2.6.11)
-CVE-2005-0448 VULNERABLE (perl) bz#173793
+CVE-2005-0448 version (perl, fixed 5.8.6) bz#173793
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
 CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
 CVE-2005-0403 version (kernel, not upstream)
@@ -689,7 +692,7 @@
 CVE-2004-0958 version (php, fixed 4.3.9)
 CVE-2004-0957 version (mysql, fixed 4.0.21)
 CVE-2004-0956 version (mysql, fixed 4.0.20)
-CVE-2004-0883 upstream (kernel, fixed 2.6.11)
+CVE-2004-0883 version (kernel, fixed 2.6.11)
 CVE-2004-0946 version (nfs-utils, fixed 1.0.6-r6)
 CVE-2004-0942 version (httpd, fixed 2.0.53)
 CVE-2004-0941 version (gd, fixed 2.0.22)


Index: fc5
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc5,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- fc5	23 Nov 2005 12:20:52 -0000	1.4
+++ fc5	23 Nov 2005 14:14:09 -0000	1.5
@@ -7,7 +7,7 @@
 and httpd
 3. Looked at those marked backport where we ship a newer version, manually
 looked at rest marked backport
-[todo: finish this, 32 CVE left]
+[todo: finish this, 19 CVE left]
 [todo: CVE from new packages added to FC5]
 [todo: file bugs for anything vulnerable]
 
@@ -134,7 +134,7 @@
 CVE-2005-2672 backport (lm_sensors)
 **CVE-2005-2666 VULNERABLE (openssh) see bz#162681
 CVE-2005-2642 version (mutt) openbsd only
-**CVE-2005-2641 VULNERABLE (pam_ldap) bz#166164
+CVE-2005-2641 version (nss_ldap, fixed pam_ldap:180)
 CVE-2005-2629 version (HelixPlayer, fixed 1.0.6)
 CVE-2005-2617 version (kernel, fixed 2.6.12.5)
 **CVE-2005-2602 VULNERABLE (firefox) probably
@@ -227,7 +227,7 @@
 CVE-2005-2095 version (squirrelmail, fixed 1.4.5)
 CVE-2005-2088 backport (httpd, fixed 2.0.55)
 **CVE-2005-2069 backport (openldap) [since FEDORA-2005-992]
-**CVE-2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
+CVE-2005-2069 version (nss_ldap, fixed pam_ldap:180)
 CVE-2005-2023 version (gnupg, fixed 1.9.15)
 CVE-2005-1993 version (sudo, fixed 1.6.8p9)
 CVE-2005-1992 version (ruby, fixed 1.8.3 at least)
@@ -249,18 +249,17 @@
 CVE-2005-1763 version (kernel, fixed 2.6.12)
 CVE-2005-1762 version (kernel, fixed 2.6.12)
 CVE-2005-1761 version (kernel, fixed 2.6.12.2)
-**CVE-2005-1760 VULNERABLE (sysreport)
+CVE-2005-1760 version (sysreport, fixed 1.4.1-3)
 CVE-2005-1759 ignore (openldap) fixed shtool 2.0.2 flawed code path not used
-**CVE-2005-1759 VULNERABLE (openldap)
-**CVE-2005-1759 VULNERABLE (php)
-**CVE-2005-1751 VULNERABLE (nmap) fixed shtool 2.0.2 #158996
+CVE-2005-1759 ignore (php) dead code path
+CVE-2005-1751 version (nmap, fixed 3.93 at least)
 CVE-2005-1751 ignore (openldap) fixed shtool 2.0.2. Flawed code path not used
 CVE-2005-1751 ignore (ncpfs) part of shtool in ncpfs is not vulnerable
-**CVE-2005-1740 backport (net-snmp, not fixed)
+CVE-2005-1740 version (net-snmp, fixed 5.2.2.rc5 at least)
 CVE-2005-1739 version (ImageMagick, fixed 6.2.2.3)
 CVE-2005-1705 backport (gdb)
 CVE-2005-1704 backport (gdb)
-**CVE-2005-1704 backport (binutils) ...eadelf-overflows.patch [since FEDORA-2005-498]
+CVE-2005-1704 version (binutils, fixed 2.16.91.0.3 at least)
 CVE-2005-1689 version (krb5, fixed 1.4.2)
 CVE-2005-1686 ignore (gedit) not a vulnerability
 CVE-2005-1636 version (mysql, fixed 4.1.12)
@@ -440,7 +439,7 @@
 CVE-2005-0468 version (krb5, fixed 1.4.1)
 CVE-2005-0468 backport (telnet) telnet-0.17-CAN-2005-468_469.patch
 CVE-2005-0449 version (kernel, fixed 2.6.11)
-**CVE-2005-0448 VULNERABLE (perl) bz#173793
+CVE-2005-0448 version (perl, fixed 5.8.6) bz#173793
 CVE-2005-0446 version (squid, fixed 2.5.STABLE9)
 CVE-2005-0404 ignore (kde) won't fix http://bugs.kde.org/show_bug.cgi?id=96020
 CVE-2005-0403 version (kernel) not upstream
@@ -499,8 +498,8 @@
 CVE-2005-0174 version (squid, fixed 2.5.STABLE8)
 CVE-2005-0173 version (squid, fixed 2.5.STABLE8)
 CVE-2005-0162 version (openswan, fixed 2.3.0)
-**CVE-2005-0156 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
-**CVE-2005-0155 backport (perl, not 5.8.6) perl-5.8.5-CAN-2005-0155+0156.patch
+CVE-2005-0156 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
+CVE-2005-0155 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
 CVE-2005-0152 version (squirrelmail, not 1.4)
 CVE-2005-0150 version (firefox, fixed 1.0)
 CVE-2005-0149 version (firefox)
@@ -717,7 +716,7 @@
 CVE-2004-0983 version (ruby, fixed 1.8.2)
 CVE-2004-0981 version (ImageMagick, fixed 6.1.0)
 CVE-2004-0977 version (postgresql, fixed after 7.4.6)
-**CVE-2004-0976 backport (perl) [since FEDORA-2005-1077]
+CVE-2004-0976 backport (perl) perl-5.8.7-CAN-2004-0976.patch
 CVE-2004-0975 backport (openssl097a, fixed 0.9.7f)
 CVE-2004-0975 version (openssl, not 0.9.8)
 CVE-2004-0974 version (netatalk, fixed 2.0.1)
@@ -917,7 +916,7 @@
 CVE-2004-0460 version (dhcp, fixed after 3.0.1rc13)
 CVE-2004-0478 ignore (mozilla) not a security issue
 CVE-2004-0457 version (mysql, fixed after 4.0.20)
-**CVE-2004-0452 backport (perl, not 5.8.6)
+CVE-2004-0452 backport (perl) perl-5.8.5-CAN-2005-0155+0156.patch
 CVE-2004-0447 version (kernel, fixed 2.6.5)
 CVE-2004-0427 version (kernel, fixed 2.6.6)
 CVE-2004-0426 version (rsync, fixed 2.6.1)

More information about the fedora-extras-commits mailing list